On systems running Arista EOS and CloudEOS with the affected release version, when using shared secret profiles the password configured for use by BiDirectional Forwarding Detection (BFD) will be leaked when displaying output over eAPI or other JSON outputs to other authenticated users on the device. The affected EOS Versions are: all releases in 4.22.x train, 4.23.9 and below releases in the 4.23.x train, 4.24.7 and below releases in the 4.24.x train, 4.25.4 and below releases in the 4.25.x train, 4.26.1 and below releases in the 4.26.x train
Metrics
Affected Vendors & Products
References
History
Mon, 16 Sep 2024 17:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Title | In Arista's EOS software affected releases, the shared secret profiles sensitive configuration might be leaked when displaying output over eAPI or other JSON outputs to authenticated users on the device. | In Arista's EOS software affected releases, the shared secret profiles sensitive configuration might be leaked when displaying output over eAPI or other JSON outputs to authenticated users on the device. |
MITRE
Status: PUBLISHED
Assigner: Arista
Published: 2021-10-21T16:41:47.224918Z
Updated: 2024-09-16T17:39:06.302Z
Reserved: 2021-03-16T00:00:00
Link: CVE-2021-28496
Vulnrichment
No data.
NVD
Status : Modified
Published: 2021-10-21T17:15:07.740
Modified: 2024-11-21T05:59:46.883
Link: CVE-2021-28496
Redhat
No data.